Security Copilot Support for Azure Lighthouse and Sentinel Use Cases Now in Public Preview

With the public preview of Security Copilot support for Azure Lighthouse and Microsoft Sentinel, Managed Security Service Providers (MSSPs) can now enhance their security operations. MSSPs can purchase Security Copilot Units (SCUs) and attach them to the managing tenant in Azure Lighthouse. This allows them to run Security Copilot skills related to Microsoft Sentinel on customer tenants via Azure Lighthouse, even if the customer does not have Security Copilot.

Key Features:

  • SCU Attachment: MSSPs can attach SCUs to the managing tenant in Azure Lighthouse.
  • Sentinel Skills: All Sentinel skills available in Security Copilot can be invoked from the Azure Lighthouse tenant.
  • Multi-Tenant Support: MSSPs managing multiple customers can leverage Security Copilot without requiring each customer to have it.

Example Commands:

1. Attach SCU to Azure Lighthouse Tenant:

az lighthouse scu attach --tenant-id <ManagingTenantID> --scu-id <SCUID>

2. Invoke Sentinel Skills:

az securitycopilot skill invoke --skill-name "SentinelThreatDetection" --tenant-id <CustomerTenantID>

3. Check SCU Status:

az lighthouse scu list --tenant-id <ManagingTenantID>

4. Enable Sentinel Integration:

az sentinel integration create --name "SecurityCopilotIntegration" --resource-group <ResourceGroupName> --workspace-name <WorkspaceName>

What Undercode Says:

The integration of Security Copilot with Azure Lighthouse and Microsoft Sentinel marks a significant advancement for MSSPs. This development allows MSSPs to centralize their security operations and extend advanced threat detection capabilities across multiple customer tenants without the need for individual Security Copilot deployments.

In practical terms, this means MSSPs can now use a single instance of Security Copilot to manage security across various environments, reducing complexity and cost. The ability to invoke Sentinel skills from a central tenant simplifies the management of security incidents and enhances the overall efficiency of security operations.

For those looking to implement this, the provided Azure CLI commands offer a starting point. The `az lighthouse scu attach` command is crucial for linking SCUs to the managing tenant, while `az securitycopilot skill invoke` allows MSSPs to run specific Sentinel skills on customer tenants. Additionally, the `az sentinel integration create` command facilitates the integration of Security Copilot with existing Sentinel workspaces. Because the feature is in public preview, confirm that each command group is available in your installed Azure CLI version and extensions before building automation on it.

As the public preview progresses, we can expect further enhancements and additional skills to be supported, making Security Copilot an even more powerful tool for MSSPs. For more detailed documentation and updates, visit the Microsoft Community Hub.

This development not only streamlines security management but also paves the way for more robust and scalable security solutions in the cloud. MSSPs should take advantage of this preview to explore the capabilities and prepare for full integration once it becomes generally available.

For further reading and updates, check out the official Microsoft Security Copilot documentation.

References:

Initially reported by: https://www.linkedin.com/posts/markolauren_azure-lighthouse-support-for-mssp-use-of-activity-7301322680010469377-rfxR – Hackers Feeds